Posted on January 29, 2018 at 1:28 PM
Hackers Steal Almost $900,000 from County Office in Phishing Scam
Texas’s Harris County recently fell victim to a phishing scam and wired almost $900,000.
Traditionally, hackers have made a profit by exploiting their victims’ lack of tech know-how and often their pure gullibility. However, hackers had managed to reach new lows recently when they exploited the events of the damaging hurricane Harvey to make a quick buck.
The hack came into action when hurricane Harvey did. On September 21st, 2017, while the storms were raging, and over 30% of Harris County has flooded thanks to the hurricane, the Harris County office received an email asking for funds. The email is sent by someone using the name of Fiona Chambers who pretend to be employed by D & W Contractors as their accountant. Surprisingly, D&W Contractors is a real company, in fact, on the day of the email, the company was busy fixing the widespread damage in the county caused by hurricane Harvey. Chambers asked in her email that the county wires $880,000 to the company using a new bank account, so that they may remain compliant with the details set out in their contract.
According to the Houston Chronicle, Chambers states in her email that she can get the form and voided check on the same day in order for it to be on time for the payment.
The county office promptly then wired $888,000 to the new bank account given by Chambers, without first double-checking whether this new bank account is actually legitimate. The next day, the county office soon learned of their mistake, when they realized that D&W Contractors does not employ anyone with the name of Fiona Chambers and that the bank account does not belong to them.
Since this discovery, the incident has been handed over to the FBI for investigation, and they already have suspects, primarily a group of hackers who has been known for targeting governments all over the world. On the plus side, perhaps this phishing scam served as a valuable lesson to Harris County in the importance of cybersecurity and protocol.
Judge Ed Emmet of Harris County noted that the changing landscape and technology provides criminals with a means of coming after you without physical interaction. Emmet added that this latest incident should be a wake-up call to the county office to re-evaluate their systems to prevent any future criminals from stealing taxpayers’ money.
Surprisingly, a similar instance occurred in June 2017 when the Supreme Court Judge, Lori Sattler, was busy selling her apartment to purchase a different one. Sattler received an email, from what she judged to be from an official real estate lawyer.
The email instructed Sattler to transfer a sum of $1 million into the specified bank account. Sattler transferred $1,057,500. However, the money was subsequently sent to the Commerce Bank of China, instead of the bank account.
It has not yet been confirmed whether these two instances are linked. However, it is surprising, albeit alarming, that the hackers demonstrated extensive knowledge of their victims’ exact situations before they chose to exploit them. Perhaps these latest hacks have proved that phishing campaigns are becoming rapidly more sophisticated and that users should exercise a high amount of vigilance to protect themselves. Online users have been instructed to never download attachments from unknown emails and to confirm the legitimacy of the email before transferring money or giving out personal information.